Hi: I'm currently using Geronimo 2.2 and OpenLDAP: slapd 2.3.43.
I'm trying to create an LDAP Security Realm on the Geronimo server that will query my OpenLDAP server. For the most part, it works. However, the realm cannot seem to differentiate between the two different groups on the LDAP server, resulting in any member being authenticated no matter which group they belong to, which is not what I want. I'm only trying to authenticate users if they are members of the 'CLINICS' group.

Here's how my LDAP is set up:

dc=mydomain,dc=on,dc=ca (objectClass=dcObject, organization)
  ou=groups (objectClass=organizationalUnit)
    cn=ADMIN (objectClass=groupOfUniqueNames)
    cn=CLINICS (objectClass=groupOfUniqueNames)
      uid=User1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User2,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User3,ou=people,dc=mydomain,dc=on,dc=ca
    cn=SUPPLIERS (objectClass=groupOfUniqueNames)
      uid=Supplier1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=Supplier2,ou=people,dc=mydomain,dc=on,dc=ca
  ou=people (objectClass=organizationalUnit)
    uid=User1 (objectClass=inetOrgPerson)
    uid=User2 (objectClass=inetOrgPerson)
    uid=User3 (objectClass=inetOrgPerson)
    uid=Supplier1 (objectClass=inetOrgPerson)
    uid=Supplier1 (objectClass=inetOrgPerson)

On the Geronimo side, here is how I set up my realm:

Initial Context Factory: com.sun.jndi.ldap.LdapCtxFactory
Connection URL: ldap://localhost:389
Connect Username: cn=someuser,dc=mydomain,dc=on,dc=ca
Connect Password: secret
Confirm Password: secret
Connect Protocol:
Authentication: simple
User Base: ou=people,dc=mydomain,dc=on,dc=ca
User Search Matching: uid={0}
User Search Subtree: false
Role Base: cn=CLINICS,ou=groups,dc=vpcl,dc=on,dc=ca
Role Name: cn
Role User Search String: uid={0}
Role Search Subtree: false
User Role Search String: memberOf={0}

I've tried replacing the 'User Search Matching' and/or the 'Role User Search String' with stuff like:

(&(uid={0})(cn=CLINICS,ou=groups,dc=mydomain,dc=on,dc=ca)(attr=uniqueMember))

But it's just not working out.
On a side note: I do have Apache directives using this LDAP database as well as some PHP applications. I just don't know why I can't get Geronimo to work with it. Any help would be appreciated.

Thanks...
Fred

--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/Geronimo-OpenLDAP-not-quite-right-tp3986519.html
Sent from the Users mailing list archive at Nabble.com.
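As an added illustration that is not part of the post or of Geronimo: a small in-memory model of the directory described above, with the role search as posted next to a uniqueMember-based one (the entries, the search function and the role helpers are all constructed for this example).

```python
# Constructed in-memory model of the directory from the post (not Geronimo code).
PEOPLE = "ou=people,dc=mydomain,dc=on,dc=ca"
GROUPS = "ou=groups,dc=mydomain,dc=on,dc=ca"

def person(uid):
    return f"uid={uid},{PEOPLE}", {"objectClass": ["inetOrgPerson"], "uid": [uid]}

def group(cn, members):
    # groupOfUniqueNames stores each member as a full DN in uniqueMember.
    return f"cn={cn},{GROUPS}", {"objectClass": ["groupOfUniqueNames"], "cn": [cn],
                                 "uniqueMember": [f"uid={m},{PEOPLE}" for m in members]}
DIRECTORY = dict([person(u) for u in ("User1", "User2", "User3", "Supplier1", "Supplier2")]
                 + [group("CLINICS", ["User1", "User2", "User3"]),
                    group("SUPPLIERS", ["Supplier1", "Supplier2"]), group("ADMIN", [])])
def search(base, attr, value, subtree=False):
    """Equality search (attr=value) under base: one level unless subtree=True.
    DNs and values are compared case-insensitively, as with caseIgnore matching."""
    base, value = base.lower(), value.lower()
    hits = []
    for dn, entry in DIRECTORY.items():
        low = dn.lower()
        if not low.endswith("," + base):
            continue
        if not subtree and "," in low[:-len(base) - 1]:
            continue  # entry sits more than one RDN below base
        if value in (v.lower() for v in entry.get(attr, [])):
            hits.append(dn)
    return hits

def user_dn(uid):
    """User Base + User Search Matching uid={0}, one level, as in the posted realm."""
    hits = search(PEOPLE, "uid", uid)
    return hits[0] if hits else None

def roles_as_posted(uid):
    """Role search as posted: uid={0} one level below cn=CLINICS. Nothing with a uid
    attribute lives under a group entry, so the result is always empty."""
    return [DIRECTORY[dn]["cn"][0] for dn in search(f"cn=CLINICS,{GROUPS}", "uid", uid)]

def roles_by_unique_member(uid):
    """Match the resolved user DN against uniqueMember under the groups base and
    report each hit's cn as a role name; this is the groupOfUniqueNames way."""
    dn = user_dn(uid)
    if dn is None:
        return []
    return sorted(DIRECTORY[g]["cn"][0] for g in search(GROUPS, "uniqueMember", dn))

def may_log_in(uid, required="CLINICS"):
    """Admit only users who hold the required role."""
    return required in roles_by_unique_member(uid)
```

A groupOfUniqueNames lists its members as full DNs in uniqueMember, so a role lookup for such groups has to compare that attribute against the user's resolved DN rather than search for uid entries beneath the group.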